Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
Dear release team, Please unblock package imagemagick (actually it is pending in deferred queue, uploaded as NMU to delayed/2 yet). Recent DSA fixed two CVEs for imagemagick, so I would like to fix the same set for imagemagick (although there would be more CVEs open for buster), as well for buster to avoid a regression from stretch -> buster? +imagemagick (8:6.9.10.23+dfsg-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Stack-based buffer overflow in function PopHexPixel in coders/ps.c + (CVE-2019-9956) (Closes: #925395) + * Heap-buffer-overflow in WriteTIFFImage of coders/tiff.c (CVE-2019-10650) + (Closes: #926091) + + -- Salvatore Bonaccorso <[email protected]> Fri, 03 May 2019 16:34:26 +0200 could you consider those changes please as well for buster? unblock imagemagick/8:6.9.10.23+dfsg-2.1 Regards, Salvatore
diff -Nru imagemagick-6.9.10.23+dfsg/debian/changelog imagemagick-6.9.10.23+dfsg/debian/changelog --- imagemagick-6.9.10.23+dfsg/debian/changelog 2019-01-08 15:08:25.000000000 +0100 +++ imagemagick-6.9.10.23+dfsg/debian/changelog 2019-05-03 16:34:26.000000000 +0200 @@ -1,3 +1,13 @@ +imagemagick (8:6.9.10.23+dfsg-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Stack-based buffer overflow in function PopHexPixel in coders/ps.c + (CVE-2019-9956) (Closes: #925395) + * Heap-buffer-overflow in WriteTIFFImage of coders/tiff.c (CVE-2019-10650) + (Closes: #926091) + + -- Salvatore Bonaccorso <[email protected]> Fri, 03 May 2019 16:34:26 +0200 + imagemagick (8:6.9.10.23+dfsg-2) unstable; urgency=medium * Bug fix: "identify 6.9.10-23 does not convert units (pixels per diff -Nru imagemagick-6.9.10.23+dfsg/debian/patches/0023-https-github.com-ImageMagick-ImageMagick-issues-1523.patch imagemagick-6.9.10.23+dfsg/debian/patches/0023-https-github.com-ImageMagick-ImageMagick-issues-1523.patch --- imagemagick-6.9.10.23+dfsg/debian/patches/0023-https-github.com-ImageMagick-ImageMagick-issues-1523.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.9.10.23+dfsg/debian/patches/0023-https-github.com-ImageMagick-ImageMagick-issues-1523.patch 2019-05-03 16:21:49.000000000 +0200 @@ -0,0 +1,35 @@ +From: Cristy <[email protected]> +Date: Fri, 22 Mar 2019 07:39:18 -0400 +Subject: https://github.com/ImageMagick/ImageMagick/issues/1523 +Origin: https://github.com/ImageMagick/ImageMagick6/commit/90401e430840c5ff31ad870f4370bbda1318ac94 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-9956 +Bug-Debian: https://bugs.debian.org/925395 +Bug: https://github.com/ImageMagick/ImageMagick/issues/1523 + +--- + coders/ps.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/coders/ps.c b/coders/ps.c +index cf8e4bdfccc9..828f6cfcbbcd 100644 +--- a/coders/ps.c ++++ b/coders/ps.c +@@ -2272,8 +2272,13 @@ RestoreMSCWarning + p++; + } + q=PopHexPixel(hex_digits,(size_t) index,q); +- q=PopHexPixel(hex_digits,(size_t) +- MagickMin(length,0xff),q); ++ q=PopHexPixel(hex_digits,(size_t) MagickMin(length,0xff),q); ++ if ((q-pixels+6) >= 80) ++ { ++ *q++='\n'; ++ (void) WriteBlob(image,q-pixels,pixels); ++ q=pixels; ++ } + if (image->previous == (Image *) NULL) + { + status=SetImageProgress(image,SaveImageTag, +-- +2.11.0 + diff -Nru imagemagick-6.9.10.23+dfsg/debian/patches/0024-https-github.com-ImageMagick-ImageMagick-issues-1532.patch imagemagick-6.9.10.23+dfsg/debian/patches/0024-https-github.com-ImageMagick-ImageMagick-issues-1532.patch --- imagemagick-6.9.10.23+dfsg/debian/patches/0024-https-github.com-ImageMagick-ImageMagick-issues-1532.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.9.10.23+dfsg/debian/patches/0024-https-github.com-ImageMagick-ImageMagick-issues-1532.patch 2019-05-03 16:31:31.000000000 +0200 @@ -0,0 +1,26 @@ +From: Cristy <[email protected]> +Date: Thu, 28 Mar 2019 20:35:26 -0400 +Subject: https://github.com/ImageMagick/ImageMagick/issues/1532 +Origin: https://github.com/ImageMagick/ImageMagick6/commit/4800ae0dabdb3012f82820af946060c3ca9fdb87 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-10650 +Bug-Debian: https://bugs.debian.org/926091 +Bug: https://github.com/ImageMagick/ImageMagick/issues/1532 + +--- + coders/tiff.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -3261,6 +3261,11 @@ static MagickBooleanType WriteTIFFImage( + TIFFUnmapBlob); + if (tiff == (TIFF *) NULL) + return(MagickFalse); ++ if (exception->severity > ErrorException) ++ { ++ TIFFClose(tiff); ++ return(MagickFalse); ++ } + scene=0; + debug=IsEventLogging(); + (void) debug; diff -Nru imagemagick-6.9.10.23+dfsg/debian/patches/0025-https-github.com-ImageMagick-ImageMagick-issues-1532.patch imagemagick-6.9.10.23+dfsg/debian/patches/0025-https-github.com-ImageMagick-ImageMagick-issues-1532.patch --- imagemagick-6.9.10.23+dfsg/debian/patches/0025-https-github.com-ImageMagick-ImageMagick-issues-1532.patch 1970-01-01 01:00:00.000000000 +0100 +++ imagemagick-6.9.10.23+dfsg/debian/patches/0025-https-github.com-ImageMagick-ImageMagick-issues-1532.patch 2019-05-03 16:26:37.000000000 +0200 @@ -0,0 +1,28 @@ +From: Cristy <[email protected]> +Date: Sat, 30 Mar 2019 07:10:45 -0400 +Subject: https://github.com/ImageMagick/ImageMagick/issues/1532 +Origin: https://github.com/ImageMagick/ImageMagick6/commit/d8d844c6f23f4d90d8fe893fe9225dd78fc1e6ef +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-10650 +Bug-Debian: https://bugs.debian.org/926091 +Bug: https://github.com/ImageMagick/ImageMagick/issues/1532 + +--- + coders/tiff.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index 31f39d2f73b9..00040a214e16 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -3280,7 +3280,7 @@ static MagickBooleanType WriteTIFFImage(const ImageInfo *image_info, + TIFFUnmapBlob); + if (tiff == (TIFF *) NULL) + return(MagickFalse); +- if (exception->severity > ErrorException) ++ if (image->exception.severity > ErrorException) + { + TIFFClose(tiff); + return(MagickFalse); +-- +2.11.0 + diff -Nru imagemagick-6.9.10.23+dfsg/debian/patches/series imagemagick-6.9.10.23+dfsg/debian/patches/series --- imagemagick-6.9.10.23+dfsg/debian/patches/series 2019-01-08 14:51:35.000000000 +0100 +++ imagemagick-6.9.10.23+dfsg/debian/patches/series 2019-05-03 16:27:07.000000000 +0200 @@ -20,3 +20,6 @@ 0020-Fix-remaining-error-in-documentation.patch 0021-Fix-privacy-breach.patch 0022-Revert-https-imagemagick.org-discourse-server-viewto.patch +0023-https-github.com-ImageMagick-ImageMagick-issues-1523.patch +0024-https-github.com-ImageMagick-ImageMagick-issues-1532.patch +0025-https-github.com-ImageMagick-ImageMagick-issues-1532.patch
